Hardware Touch, Stronger SSH

(ubicloud.com)

22 points | by furkansahin 4 days ago

4 comments

simon04 1 hour ago
Using a Token2 based id_ed25519_sk_rk key, I found very helpful to configure a different `pushurl` in `.git/config`. This allows to pull via HTTPS w/o a hardware touch.
```
    [remote "origin"]
            url = https://github.com/freeCodeCamp/devdocs.git
            pushurl = git@github.com:freeCodeCamp/devdocs.git
```
antonkochubey 2 hours ago
On Apple Silicon devices with macOS 26+, SSH keys can be natively stored in the Secure Enclave, protected via TouchID: https://news.ycombinator.com/item?id=46025721
It only supports sk-ecdsa-sha2-nistp256 key format, however that is widely supported currently.
[-]
- XiS 2 hours ago
  Been using ed25519-sk with Yubikey for a few years now. Key is stored in KeepassXC and loaded in my SSH agent upon unlock.
  It makes my SSH key pretty portable across devices
- Almondsetat 1 hour ago
  You can also do something similar with any computer that has a TPM. It's unfortunate that people don't really know about it, but I guess the tools available aren't that user friendly
  [-]
  - Foxboron 1 hour ago
    > It's unfortunate that people don't really know about it, but I guess the tools available aren't that user friendly
    This is my cue.
    https://github.com/Foxboron/ssh-tpm-agent
    [-]
    - Sublevel5169 31 minutes ago
      Thank you for sharing!
olivermuty 2 hours ago
Filler pr jippo fluffer article aside, anyone tried to self host ubicloud lately? A year and a half ago it was super cumbersome, wondering if I should give it a new try now.
sebazzz 1 hour ago
SSH using GPG Yubikeys and git signing using GPG was quite a process to set up on Windows a few years ago. Not something I'd want or know how to repeat. Hopefully things have improved in the mean time.